Connect public, paid and private patent data with Google Patents Public Datasets

System, method and program product to prevent unauthorized access to portable memory or storage device

Download PDF

Info

Publication number
US7496765B2
US7496765B2 US11081066 US8106605A US7496765B2 US 7496765 B2 US7496765 B2 US 7496765B2 US 11081066 US11081066 US 11081066 US 8106605 A US8106605 A US 8106605A US 7496765 B2 US7496765 B2 US 7496765B2
Authority
US
Grant status
Grant
Patent type
Prior art keywords
storage
device
access
memory
processing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US11081066
Other versions
US20050206353A1 (en )
Inventor
Yasuhiko Sengoku
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Grant date

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88Detecting or preventing theft or loss
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111Location-sensitive, e.g. geographical location, GPS
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137Time limited access, e.g. to a computer or data
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen

Abstract

System, method and program product for protecting access to a portable memory or storage device. There can be detection if the portable memory or storage device is more than a predetermined distance from a reference location. If so, access to a portion or all of data within the portable memory or storage device is automatically prevented. The reference location can be the location of a computing apparatus which is authorized to access the portable memory or storage device. Also, there can be detection of lapse of a predetermined time the portable memory or storage device has been unable to communicate with a predetermined computing apparatus. In response, access to a portion or all of data stored on the portable memory or storage device is prevented. Also, there can be detection of lapse of a predetermined time since the portable memory or storage device has been accessed by an information processing apparatus in which the device is installed. In response, access to a portion or all of data stored on the portable memory or storage device is prevented.

Description

BACKGROUND

The present invention relates generally to portable memory and storage devices, and more particularly to a technique to prevent unauthorized access to data on a portable memory or storage device when the portable memory or storage device is removed from an intended information processing device.

Portable memory and storage devices, such as USB memories, PCMCIA memory cards and SD memory cards, are used for transporting or transferring data between computing devices. The portability results from simple detachment from or attachment to suitable computing devices, either by a physical attachment or wireless connection. Because these memory and storage devices are portable, they can be lost or stolen. Consequently, they can fall into the hands of an unintended third party. Therefore, it is desirable to prevent unauthorized access to data on the portable memory or storage device when the portable memory or storage device is removed from an intended information processing device.

In known USB memories, part or all of the memory or storage area is classified as a security area which only an authorized user can access with a proper password. See “PC peripherals: Options by IBM 256 MB USB 2.0 Memory Key” (IBM Japan, Internet URL: http://www-6.ibm.com/jp/pc/option/obi/nob03/22p9025/22p9025a.html, available on Feb. 26, 2004). This document describes a portable memory or storage device where a user must be authenticated through a password before the user can read data stored in a security area. This protects the data from unauthorized access. However, password authentication requires authentication each time the portable memory or storage device is plugged into another information processing apparatus. For example, if the user wants to provide data from his or her personal computer (PC) to another person's PC, the user attaches the portable memory or storage device to his or her PC, writes data on it, detaches the portable memory or storage device from his or her PC, then attaches the portable memory or storage device to the other person's PC, and then must undergo authentication before reading the data on that person's PC. Moreover, because the user enters his or her password on the other person's PC to permit access by this other person, the password may be seen by the other person.

An object of the present invention is to protect a portable memory or storage device from unauthorized access. A more specific object of the present invention is to protect a portable memory or storage device from unauthorized access, in a convenient manner.

SUMMARY OF THE INVENTION

The invention resides in a system, method and program product for protecting access to a portable memory or storage device. There is detection if the portable memory or storage device is more than a predetermined distance from a reference location. If so, access to a portion or all of data within the portable memory or storage device is automatically prevented. The reference location can be the location of a computing apparatus which is authorized to access the portable memory or storage device.

The invention also resides in a system, method and program product for protecting access to a portable memory or storage device. There is detection of lapse of a predetermined time the portable memory or storage device has been unable to communicate with a predetermined computing apparatus. In response, access to a portion or all of data stored on the portable memory or storage device is prevented.

The invention also resides in a system, method and program product for protecting access to a portable memory or storage device. There is detection of lapse of a predetermined time since the portable memory or storage device has been accessed by an information processing apparatus in which the device is installed. In response, access to a portion or all of data stored on the portable memory or storage device is prevented.

The invention also resides in a system, method and program product for protecting access to a portable memory or storage device. A connection interface of the portable memory or storage device is covered with a protective cover while removed from an information processing apparatus. The memory or storage device with the cover will not fit into the information storage apparatus. The memory or storage device is installed into an information storage apparatus without the cover. Subsequently, it is detected that the cover has been removed for a preset time. In response, access to a portion or all of the data on the memory or storage device is prevented.

According to features of the present invention, the access prevention can be prevention or reading or writing to the data, deletion of the data and/or encryption of the data.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 shows an exemplary environment which includes a portable memory or storage device according to an embodiment of the present invention.

FIG. 2 shows an exemplary structure of the portable memory or storage device of FIG. 1.

FIG. 3 is a flow diagram of the portable memory or storage device of FIG. 1.

FIG. 4 is a flow chart of programming within the portable memory or storage device of FIG. 1.

FIG. 5 is a flow diagram of a portable memory or storage device according to another embodiment of the present invention.

FIG. 6 is a flow chart of programming within the portable memory or storage device of FIG. 5.

FIG. 7 shows another environment which includes the portable memory or storage devices of FIG. 1 or 5.

FIG. 8 is a block diagram of a computer which includes the memory or storage device of FIG. 1 or 5.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 shows an example of a computer environment which includes a portable memory or storage device 10 according to the present invention. The portable memory or storage device 10 is used for transporting or transferring data between the user's own information processing devices 11 a and 11 b or between the user's information processing apparatus 110 a or 110 b and another person's information processing apparatus 110 c.

The portable memory or storage device 10 is removable or detachable from and installable in or attachable to any of the information processing apparatus 110 a,b or c. The attachment can be physical or wireless. When a physical connection is used, the user inserts the device 10 in an apparatus 110 a,b or c, writes data onto device 10, and subsequently removes the device 10 from apparatus 110 a,b or c, transports device 10 to another information processing apparatus, inserts the device 10 into this other information processing apparatus and then accesses the data from this other information processing apparatus. When a wireless connection is used, the portable memory or storage device 10 may transmit and receive data wirelessly to and from any information processing apparatus 110 a,b or c at close range, without being physically attached to the information processing apparatus 110 a,b or c.

The information processing apparatuses 110 a, 110 b and 110 c may be desktop or laptop PCs, PDAs (Personal Data Assistant), mobile phones, digital cameras, or digital video cameras that transmit and receive data to and from the portable memory or storage device 10. In the illustrated example, information processing apparatus 11 a is stationary such as a desktop PC, which may be located at the home or office of the user, and information processing apparatus 110 b and 110 c are a mobile information processing apparatus such as a laptop/notebook PC or PDA.

A network 100 is a communication network such as the Internet that connects with information processing apparatus 110 a through a cable communication network link and also connects with information processing apparatus 110 b through a wireless communication network link.

Before traveling, the user can write data from information processing apparatus 110 a to the portable memory or storage device 10, remove the device 10 from apparatus 110 a, then connect the portable memory or storage device 10 to information processing apparatus 110 b, and then carry information processing apparatus 110 b to another location. Then, at the other location, the user apparatus 110 b can write data to the portable memory or storage device 10 and then detach the portable memory or storage device 10 from apparatus 110 b, and then install device 10 in information processing apparatus 110 c to provide the data on device 10 to another person who owns apparatus 110 c. The owner of apparatus 110 c can also write data from information processing apparatus 110 c to the portable memory or storage device 10, remove device 10 from apparatus 110 c and then transport the portable memory or storage device 10 to information processing apparatus 110 b and attach device 10 to apparatus 110 b to convey data to the owner of apparatus 110 b. The portable memory or storage device 10 may also be used to exchange data between information processing apparatuses 110 a and 110 c in the same way as between information processing apparatuses 110 b and 110 c.

The data on device 10 may be confidential or personal, and access should be protected in case the device 10 is lost or stolen during transport or detached from one of the apparatuses 110 a,b or c without permission. In accordance with the present invention, access to the portable memory or storage device 10 is prevented when the portable memory or storage device 10 is at a distance more than or equal to a preset range from a specified apparatus such as apparatus 110 a or the last authorized apparatus to access device 10.

FIG. 2 shows an exemplary construction of the portable memory or storage device 10. The portable memory or storage device 10 includes a main unit 20 including a connection interface 200, a protective-cover/removal-detecting switch 220, an input switch 230, and a protective cover 210. The connection interface 200, which may be a USB connector or the like, is an attachment interface for an information processing apparatus 110 a,b or c for transmitting and receiving data to and from the information processing apparatus 110 a,b or c. The protective cover 210 can cover the connection interface 200 while the portable memory or storage device 10 is not inserted into the information processing apparatus 110 a,b or c. The protective cover 210 can be removed from the connection interface 200 to expose the connection interface 200 so that it can be inserted into the information processing apparatus 110 a,b or c. (The portable memory or storage device 10 will not fit into the apparatus 110 a,b or c with the cover 210 over the connection interface 200.) The protective-cover/removal-detecting switch 220 is depressed when the protective cover 210 covers the connection interface 200 and returns to the original, “out” position when the protective cover 210 is removed. Thus, switch 220 detects whether the protective cover 210 is removed or attached. The input switch 230 is depressed by the user of the portable memory or storage device 10 when inputting an instruction when the user wants to disable the protection capability of the portable memory or storage device 10.

FIG. 3 shows a functional configuration of the portable memory or storage device 10. The portable memory or storage device 10 includes the connection interface 200, a memory or storage area 300, an access controller 310, a trigger detecting unit 320, an access prohibition determining unit 350, and an access prohibiting unit 360. The connection interface 200 is connected to an information processing apparatus 110 a,b or c for transmitting and receiving data stored in the portable memory or storage device 10 to and from the information processing apparatus 110 a,b or c. The memory or storage area 300 stores data, which may be provided to the portable memory or storage device 10 by the user of the portable memory or storage device 10.

The access controller 310 receives an access request such as a read request for reading data from the memory or storage area 300 and a write request for writing data to the memory or storage area 300 from an information processing apparatus 110 a,b or c through the connection interface 200. When receiving an access request, the access controller 310 performs an access operation such as a data write or read to or from the memory or storage area 300 and returns an acknowledgment (in the case of a write) or requested data (in the case or a read) to the information processing apparatus 110 a,b or c.

The trigger detecting unit 320 detects a trigger condition for prohibiting access to a portion or all of the data stored in the memory or storage area 300. The trigger detecting unit 320 according to the present embodiment includes, in addition to the protective-cover/removal-detecting switch 220 and the input switch 230 shown in FIG. 2, a range detector 325, a preset range detector 330, and a time-out detector 335. The protective-cover/removal-detecting switch 220 detects whether the protective cover 210 is removed. The input switch 230 inputs a permission instruction from the user to disable access protection by the access prohibition unit 360. The range detector 325 detects whether the portable memory or storage device 10 is beyond a preset range or distance from a reference device. If the device 10 has a wireless communication unit for wireless communication with apparatus 110 a,b or c, then the out-of-range condition can be based on whether the device 10 is within wireless communication range of the “home” apparatus 110 a,b or c. The range detector can be a non-contact IC tag, RFID, Bluetooth device or any wireless communication device pair for short, preset ranges, and a GPS unit for longer, preset ranges. The predetermined device in the present embodiment can be the desk top information processing apparatus 110 a that has accessed the portable memory or storage device 10. Alternately, the reference device may be a mobile information processing apparatus 110 b or c, such as a mobile phone, PDA, or wireless IC card, that is carried by the user.

The preset range storage 330 can store different preset ranges associated with a number of information processing apparatuses 110 a,b or c used by the user of the portable memory or storage device 10. The preset range storage 330 allows the range detector 325 to use the preset range associated with the respective information processing apparatus 110 a,b or c that has last accessed the portable memory or storage device 10.

The time-out detector 335 detects whether a preset time has elapsed after the protective cover 210 is removed from the connection interface 200. Even if portable memory or storage device 10 is installed in the owner's information processing apparatus for a long time, the time-out will occur. However, a pop-up will appear on the screen which will permit the user to authenticate himself or herself with a valid userID and password or biometric such as a finger print, to temporarily disable the denial of access protection.

The access prohibition determining unit 350 determines whether access to a portion or all of the data in memory or storage area 300 should be prohibited, based on one or more of: an out-of-range condition detected by the range detector 325, a time-out detected by the time-out detector 335, a protective cover 210 removal detected by the protective-cover/removal-detecting switch 220, or a permission instruction input through the input switch 230. The access prohibiting unit 360 prevents access to a potion or all of the data stored in the memory or storage area 300 if the access prohibition determining unit 350 determines that access should be prohibited based on one or more of the foregoing factors. In one embodiment of the present invention, the access prohibition unit 360 includes an encrypting program module 370 to encrypt data stored in the memory or storage area 300 when access should be prevented, such that the data cannot be understood by a third party. In addition to or instead of the foregoing encryption, the access prohibiting unit 360 includes a read prohibiting program module 365 and a read permitting program module 375. The read prohibiting program module 365 prohibits reading of data stored in the memory or storage area 300 when access is prohibited. The read permitting program module 375 permits reading of encrypted data by a user who is allowed to decrypt the data. Once the data is encrypted and easy access is prevented, to gain access and decrypt the data the user must authenticate himself or herself using a valid userID and password or a biometric such as a finger print.

FIG. 4 is a flowchart of programming within the portable memory or storage device 10. An example will be described below in which data is moved from information processing apparatus 110 b to information processing apparatus 110 c. First, the portable memory or storage device 10 is attached to information processing apparatus 110 b. Then, the access controller 310 receives an access request from information processing apparatus 110 b and accesses the memory or storage area 300 (S400). The access controller 310 may first receive a password entered by the user of the portable memory or storage device 10 from information processing apparatus 110 b, authenticate the user and, if the user is authentic, then permit the user to access to the memory or storage area 300. Alternately, when the access controller 310 receives a request for writing new data into the memory or storage area 300, the access controller 310 may write the new data into the memory or storage area 300 without authenticating the user. Then, the range detector 325 receives information identifying information processing apparatus 110 b (connected to the portable memory or storage device 10 through the connection interface 200) and, based on the identification information, selects one of a plurality of preset ranges stored in the preset range storage 330 (S405). If the portable memory or storage device 10 is accessed by one of the information processing apparatus 110 a,b or c, and after this access the device 10 is not accessed by another information processing apparatus 110 a,b or c, the range detector 325 reads and uses the preset range associated with the one information processing apparatus 110 a,b or c. The identification information may be a manufacturer's serial number uniquely assigned to each information processing apparatus 110 a,b or c. Alternatively, it may be information that is set to different values according to whether the information processing apparatus 110 a,b or c is portable or not, or whether it is shared by more than one user. Then, the range detector 325 detects whether the portable memory or storage device 10 is out-of range, i.e. at a distance greater than or equal to the preset range from the one information processing apparatus 110 a,b or c that has accessed the portable memory or storage device 10 (S410).

The range detector 325 may have a close-range communication capability to communicate wirelessly with an information processing apparatus 110 a,b or c and thereby access memory or storage device 10. Range detector 325 may determine that the portable memory or storage device 10 is out of a preset range from the information processing apparatus 110 a,b or c if it becomes unable to communicate wirelessly with the information processing apparatus 110 a,b or c or if the strength of the radio wave from the information processing apparatus 110 a,b or c drops below a predetermined value. Thus, the range detector 325 can detect whether the portable memory or storage device 10 is out of range, based on whether the portable memory or storage device 10 has been moved away from information processing apparatus 110 b beyond the preset range after its removal from information processing apparatus 110 b. For this purpose, the range detector 325 may use a wireless IC chip, for example, to communicate wirelessly with the information processing apparatus 110 a,b or c. If the portable memory or storage device 10 wirelessly communicates data with the information processing apparatus 110 a,b or c, the preset range used by the range detector 325 may or may not be the same as a range within which they can communicate data. Therefore, there is another technique to base a decision whether to deny access. The time-out detector 335 detects whether a time-out has occurred, that is, a preset time has elapsed after removal of the protective cover 210 from the connection interface 200 (S415). If the user of the portable memory or storage device 10 depresses the input switch 230, the trigger detecting unit 320 provides a permission instruction (S420). Then, the access prohibition determining unit 350 makes a determination based on a condition detected by the trigger detecting unit 320 as to whether access prohibition should be applied to data written from information processing apparatus 110 b into the memory or storage area 300. In particular, the access prohibition determining unit 350 makes the determination as to whether access should be prohibited, as follows.

(1) Determination Based on Out-of-Range Condition:

If an out-of-range condition is detected by the range detector 325 (S425: YES), the access prohibition determining unit 350 determines that access prohibition should be applied. Thus, if the user drops or leaves the portable memory or storage device 10 behind and carries information processing apparatus 110 b to another, out-or-range location, the portable memory or storage device 10 can cause the access prohibiting unit 360 to apply access prohibition.

(2) Determination Based on Time-Out:

If the time-out detector 335 detects a time-out (S430: YES), then the access prohibition determining unit 350 determines that access prohibition should be applied. Thus, if the user leaves the portable memory or storage device 10 for a period longer than a preset time while using the portable memory or storage device 10 without the protective cover 210, the portable memory or storage device 10 can detect the time-out and causes the access prohibiting unit 360 to apply access prohibition. If the portable memory or storage device 10 is subsequently installed in an information processing apparatus, a pop-up will appear on the screen which will permit the user to authenticate himself or herself with a valid userID and password or biometric such as a finger print, to temporarily disable the denial of access protection.

(3) Determination based on presence or absence of protective cover 210: When the protective cover 210 is attached to the connection interface 200 (S435: YES), the access prohibition determining unit 350 determines that access prohibition should be applied. Thus, when the user attaches the protective cover 210 after finishing using the portable memory or storage device 10, the portable memory or storage device 10 can detect this and cause the access prohibiting unit 360 to apply access prohibition. If the portable memory or storage device 10 is subsequently installed in an information processing apparatus, a pop-up will appear on the screen which will permit the user to authenticate himself or herself with a valid userID and password or biometric such as a finger print, to temporarily disable the denial of access protection.
(4) Determination Based on Permission Instruction:

Device 10 also allows a permission instruction to be entered by the user after supplying a valid user ID and password. In such a case, the access prohibition determining unit 350 disables access prohibition by the access prohibiting unit 360 regardless of the above-described determination (1), (2), and/or (3) (S437: YES). In such a case, the access prohibiting unit 350 does not apply access prohibition even if an out-of-range condition, a time-out and/or attachment of the protective cover 210, provided that a permission instruction is entered at a time when the portable memory or storage device 10 can transmit and receive data to and from information processing apparatus 110 b, that is, while the portable memory or storage device 10 is attached to information processing apparatus 110 b. Thus, even if it is determined based on the above described condition (1), (2) or (3) that access should be prohibited, the user of the portable memory or storage device 10 can disable access prohibition. In such a case, the access prohibition determining unit 350 will permit subsequent access from information processing apparatus 110 c if the input switch 230 is depressed while the portable memory or storage device 10 is attached to information processing apparatus 110 b, and then the portable memory or storage device 10 is attached to information processing apparatus 110 c while the input arrangement is held depressed. Alternately, if the user depresses the input switch 230 while the portable memory or storage device 10 is attached to information processing apparatus 110 b and then the user releases the input switch 230, the access prohibition determining unit 350 does not cause the access prohibiting unit 360 to apply access prohibition.

Furthermore, if an out-of-range condition or a time-out is detected or the protective cover 210 is attached to the connection interface 200, the access prohibition determining unit 350 determines that access prohibition should be applied, provided that a permission instruction is not input. Alternately, the access prohibition determining unit 350 may determine that access prohibition should be applied, provided that any combination of these conditions are met. For example, access prohibition determining unit 350 may determine that access prohibition should be applied if at least one of an out-of-range condition and a time-out is detected, or if one of these conditions is met and also the protective cover 210 is attached to the connection interface 200.

If the access prohibition determining unit 350 determines that access prohibition should be applied, the access prohibiting unit 360 applies access prevention (S440). In particular, the read prohibiting program module 365 first prohibits reading of data stored in the memory or storage area 300. For example, the read prohibiting program module 365 may delete entries of data the reading of which should be prohibited from a file management table for managing the files in the portable memory or storage device 10 to prevent reading of the data. Furthermore, the read prohibiting program module 365 may prohibit reading of data by moving the data to a protected area which is a memory or storage area 300 that only an authorized user can read. The protected area may be a security area in a USB memory. Then, the encrypting program module 370 encrypts the reading of data which is prohibited by the read prohibiting program module. Then, the read permitting program module 375 permits reading of the encrypted data so that only a user and a recipient of the data who are allowed to decrypt the encrypted data can read the data properly. As a result of the above-described process performed by the read prohibiting program module 365, encrypting program module 370, and read permitting program module 375, access to data by an unintended third party can be prevented.

Alternately, the access prohibiting unit 360 may prevent access to a portion or all of the data stored on the portable memory or storage device 10 by deleting it. In this case, the access prohibiting unit 360 may selectively delete data stored on the portable memory or storage device 10. For example, if the access prohibiting unit 360 determines that the same data stored on the portable memory or storage device 10 is also stored in information processing apparatus 110 b that has accessed the portable memory or storage device 10, the access prohibiting unit 360 may delete the data from the portable memory or storage device 10. On the other hand, if the access prohibiting unit 360 determines that the same data is not stored in information processing apparatus 110 b, the access prohibiting unit 360 does not delete the data stored in the portable memory or storage device 10. In particular, if data has been copied from information processing apparatus 110 b to the portable memory or storage device 10, the access prohibiting program module 360 checks the data at regular intervals to see if the data copied to the portable memory or storage device 10 matches the original data stored in information processing apparatus 110 b. If the original data exists in information processing apparatus 110 b at the time the portable memory or storage device 10 is removed from information processing apparatus 110 b, the access prohibiting unit 360 may delete the data stored on the portable memory or storage device 10. This deletion allows the portable memory or storage device 10 to prevent release of data more adequately compared with encryption.

Furthermore, if the access prohibition determining unit 350 determines that access prohibition should be applied, the access prohibiting unit 360 may first encrypt data and, after the expiration of a predetermined period of time, delete the data from the portable memory or storage device 10. For example, if it is determined that access prohibition should be applied, the access prohibiting unit 360 may encrypt data and, after a lapse of one hour, delete that data.

If it is determined that access prohibition should be applied, the access prohibiting unit 360 may request authentication of access to data stored on the portable memory or storage device 10 so that only an authorized user can access the data. Then, the portable memory or storage device 10 is attached to an information processing apparatus 110 a,b or c or a third party's information processing apparatus 110 a,b or c and receives a data access request from the information processing apparatus 110 a,b or c. If access is not prohibited by the access prohibiting unit 360 (S445: NO) when the access request is received, then the access controller 310 permits access to the file data without requesting decryption of the data or authentication (S455). On the other hand, if access is prohibited by the access prohibiting unit 360 (S445: YES), the access controller 310 prevents access to the data (S455), unless the access prohibition is removed by data decryption by the user of the portable memory or storage device 10 or authentication of the user (S450).

According to the portable memory or storage device 10 described above, data stored on the portable memory or storage device 10 can be protected against third party access while the user of the portable memory or storage device 10 carrying information processing apparatus 110 b is out of a preset range from the portable memory or storage device 10. For example, if the range is preset to 5 meters, the user of the portable memory or storage device 10 can attach the portable memory or storage device 10 to information processing apparatus 110 b and copy data to the portable memory or storage device 10 in a meeting room or the like and then attach the portable memory or storage device 10 to information processing apparatus 110 c of a person on the next or opposite seat to read the data from the portable memory or storage device 10 into information processing apparatus 110 c without repeating authentication or the like. If the user left the portable memory or storage device 10 behind in the meeting room, the portable memory or storage device 10 would apply access prohibition to protect the data.

FIG. 5 shows a functional configuration of a portable memory or storage device 810 according to another embodiment of the present embodiment. Components of device 810 labeled in FIG. 5 with the same reference numbers as those in the portable memory or storage device 10 shown in FIG. 3 have functions and configurations similar to those in FIG. 3.

The portable memory or storage device 810 includes a connection interface 200, a memory or storage area 300, an access controller 310, a trigger detecting unit 1320, an access prohibition determining unit 350, and access prohibiting unit 360. The trigger detecting unit 320 in this variation has a protective-cover/removal-detecting switch 220, an input switch 230, a time-out detector 335, a preset time storage 500, a network identification information obtaining unit 510, and a travel speed detecting unit 520.

The time-out detector 335 detects whether a first time-out, which occurs when a preset time has elapsed after the portable memory or storage device 810 became unable to communicate with a predetermined device, has occurred. The predetermined device in the present embodiment is the information processing apparatus 110 a,b or c that most recently accessed the portable memory or storage device 810. The preset time storage 500 stores different preset times associated with a plurality of information processing apparatuses 110 a,b or c and makes them available to the time-out detector 335. The network identification information obtaining unit 510 obtains network identification information identifying a communication network to which the information processing apparatus 110 a,b or c, that most recently accessed the portable memory or storage device 810, is connected from the information processing apparatus 110 a,b or c through the connection interface 200. The travel speed detecting unit 520 detects the traveling speed of the information processing apparatus 110 a,b or c that most recently accessed the portable memory or storage device 810 with respect to the portable memory or storage device 810.

FIG. 6 is a flowchart of programming within the portable memory or storage device 810. The steps in FIG. 6 labeled with the same reference numbers as those in the flowchart of FIG. 4 are similar.

First, the portable memory or storage device 10 is attached to information processing apparatus 110 b. Then, the access controller 310 receives an access request from information processing apparatus 110 b and accesses the memory or storage area 300 (S400). Then the network identification information obtaining unit 510 obtains the network identification information identifying the communication network to which information processing apparatus 110 b is connected from information processing apparatus 110 b (S600). The network identification information may be information indicating whether the information processing apparatus 110 b is connected to a network 100 through cable or by wireless, information identifying the access point to which information processing apparatus 110 b is connected, if it is connected to the network 100 by wireless, information identifying the IP address, subnet mask, gateway, and/or DSN server that is set in information processing apparatus 110 b, or the name of the network to which information processing apparatus 110 b is connected. Then, the travel speed detecting unit 520 detects the travel speed of information processing apparatus 110 b with respect to the portable memory or storage device 10 (S610). For example, the travel speed detecting unit 520 may perform close-range wireless communication with information processing apparatus 110 b to detect the relative speed with respect to the portable memory or storage device 10 on the basis of the change rate of strength of radio wave per unit time. Then, the time-out detector 335 selects the preset time associated with information processing apparatus 110 b from among a plurality of preset times stored in the preset time storage 500 (S615). In this way, if, after being accessed by an information processing apparatus 110 a,b or c, the portable memory or storage device 10 has not been accessed by another information apparatus 110 a,b or c, the time-out detector 335 selects the stored present time associated with the information processing apparatus 110 a,b or c. Then, the time-out detector 335 determines whether a first time-out has occurred, that is, the preset time has elapsed after the last access to the portable memory or storage device 10 by the information processing apparatus 110 a,b or c (S415). The time-out detector 335 may determine that the first time-out has occurred if the preset time has elapsed since the portable memory or storage device 10 was removed from information processing apparatus 110 b.

The time-out detector 335 also detects whether a second time-out has occurred, which means that a preset time has elapsed since the protective cover 210 was removed from the connecting interface 200. The preset time used for detecting the second time-out may or may not be the same as the preset time used for detecting the first time-out. The time-out detector 335 may set or change the preset time according to the network identification information obtained by the network identification information obtaining unit 510 or the travel speed of information processing apparatus 110 b detected by the travel speed detecting unit 520. For example, if information processing apparatus 110 b is connected to the intranet of the user's office or the like, the time-out detector 335 may set a longer preset time than in a situation where information processing apparatus 110 b is directly connected to the Internet. This can improve the convenience of the portable memory or storage device 10 by increasing the first time-out period when the portable memory or storage device 810 is used at the office. If information processing apparatus 110 b is connected to the network 100 through cable, the time-out detector 335 may set a longer time compared with the case where information processing apparatus 110 b is connected to the network 100 by wireless. In this way, if it is determined that the portable memory or storage device 810 is being used on the road, the first time-out period can be reduced to adequately protect data. Furthermore, if the travel speed of information processing apparatus 110 b is high, the time-out detector 335 may reduce the preset time compared with the case where the travel speed is low. In this way, if it is determined that the user can travel farther, the first time-out period can be reduced to adequately protect data.

It should be noted that the network identification information obtaining unit 510 and/or the travel speed detection unit 520 may be provided in the portable memory or storage device 10 shown in FIG. 3. In that case, the range detector 325 may set the range according to the network identification information and/or the travel speed. Then, the input switch 230 provides a permission instruction (S420).

The access prohibition determining unit 350 then determines whether access to the data written from information processing apparatus 110 b to the memory or storage area 300 should be prohibited, based on a condition or conditions detected by the trigger detecting unit 320. In particular, the access prohibition determining unit 350 according to the variation of the present embodiment determines whether or not access prohibition should be applied, as follows.

(1) Determination Based on First and/or Second Time-Out:

If a first and/or second time-out is detected by the time-out detector 335 (S430: YES), then the access prohibition determining unit 350 determines that access prohibition should be applied. Thus, if the portable memory or storage device 10 has not been used within the present time, the portable memory or storage device 10 can detect the first time-out and cause the access prohibiting unit 360 to apply access prohibition. Furthermore, the portable memory or storage device 10 can detect a second time-out and cause the access prohibiting unit 360 to apply access prohibition if a preset time has elapsed after the user left the portable memory or storage device 10 unattended during using the portable memory or storage device 10 without the protective cover 210.

(2) Determination Based on Presence or Absence of Protective Cover 210:

If the protective cover 210 is attached to the connection interface 200 (S435: YES), the access prohibition determining unit 350 determines that access prohibition should be applied.

(3) Determination Based on Permission Instruction:

An implementation may be employed in which the access prohibition determining unit 350 prevents the access prohibiting unit 360 from applying access prohibition if a permission instruction is entered by the user (S437: YES), regardless of the result of determinations (1) or (2) described above. If the access prohibition determining unit 350 determines that access prohibition should be applied, the access prohibiting unit 360 applies access prohibition (S440). Then, the portable memory or storage device 810 is attached to an information processing apparatus 110 a,b or c or a third party's information processing apparatus 110 a,b or c and receives a data access request from the information processing apparatus 110 a,b or c. If access is not prohibited by the access prohibiting unit 360 (S455: NO) when receiving the access request, the access controller 310 permits access to a file without request data decryption or authentication (S455). On the other hand, if access is prohibited by the access prohibiting unit 360 (S445: YES), the access controller 310 does not permit access (S455), unless the access prohibition is removed by data decryption by the user of the portable memory or storage device 810 or authentication of the user (S450).

According to the portable memory or storage device 810 described above, when a preset time has elapsed since a user of the portable memory or storage device 810 used the portable memory or storage device 810, data stored on the portable memory or storage device 10 can be protected against third party access. For example, if the preset time is five minutes and if the user of the portable memory or storage device 810 attaches the portable memory or storage device 810 to information processing apparatus 110 b and copies data from information processing apparatus 110 b to the portable memory or storage device 810 in a meeting room, the data can be read out to another person's information processing apparatus 110 c without repeating authentication, provided that five minutes has not elapsed after the copy. On the other hand, if the user drops or leaves the portable memory or storage device 810 behind, the portable memory or storage device 810 can apply access prohibition five minutes after the last access to protect data.

FIG. 7 shows another environment which includes portable memory or storage device 10. The portable memory or storage device 10 in FIG. 7 detects an out-of-range condition of the portable memory or storage device 10 from a mobile device 700, instead of an out-of-range condition from an information processing apparatus 110 a,b or c as described above. The portable memory or storage device 10 has a configuration and function similar to those of the portable memory or storage device 10 shown in FIG. 3.

The mobile device 700 is carried by a user of the portable memory or storage device 10 and authenticates the user of the portable memory or storage device 10 through finger print recognition, for example. The mobile device 700 has an authentication capability and the capability of communicating with the portable memory or storage device 10. The mobile device 700 may be a device such as a mobile phone, digital camera, digital video camera, PDA, or PC that has additional functions. If the mobile device 700 authenticates a user of the portable memory or storage device 10 properly, it notifies the portable memory or storage device 10 that the user has been authenticated and causes the access controller 310 in the portable memory or storage device 10 to remove access prohibition. Accordingly, the user can access data in the portable memory or storage device 10 through information processing apparatus 110 b.

The range detector 325 in the portable memory or storage device 10 detects whether the portable memory or storage device 10 is out of a preset range from the mobile device 700. If an out-of-range condition is detected, the access prohibiting unit 350 in the portable memory or storage device 10 causes the access prohibiting unit 360 to apply access prohibition.

If device 810 substitutes for device 10 in the environment of FIG. 7, a time-out of authentication by a mobile device 700 is detected instead of a time-out of access by an information processing apparatus 110 a,b or c. The range detector 325 in the portable memory or storage device 810 detects a time-out, which occurs when a preset time has elapsed after the portable memory or storage device 810 became unable to communicate with the mobile device 700. Consequently the access prohibition determining unit 350 in the portable memory or storage device 810 can prohibit access to data stored on the portable memory or storage device 810 if the time-out is detected.

FIG. 8 shows an exemplary hardware configuration of apparatus 110 a,b or c. Each of the apparatus 110 a,b, and c includes a CPU program module including a CPU 1000, a RAM 1020, a graphic controller 1075, and a display device 1080 interconnected through a host controller 1082, an input/output program module including a communication interface 1030, a hard disk drive 1040, and a CD-ROM drive 1060 which are connected the host controller 1082 through an input/output controller 1084. Each of the apparatus 110 a,b or c also includes a legacy input/output program module including a ROM 1010, a flexible disk drive 1050, and an input/output chip 1070 which are connected to the input/output controller 1084. The host controller 1082 connects the RAM 1020 with the CPU 1000 and the graphics controller 1075 which access the RAM 1020 at higher transfer rates. The CPU 1000 operates according to programs stored in the ROM 1010 and the RAM 1020 to control each component. The graphic controller 1075 obtains image data generated by the CPU 1000 on a frame buffer provided in the RAM 1020 and causes it on the display device 1080. Alternatively, the graphic controller 1075 may contain a frame buffer for storing image data generated by the CPU 1000. The input/output controller 1084 connects the host controller 1082 with the communication interface 1030, the hard disk drive 1040 and CD-ROM drive 1060, which are relatively fast input/output devices. The communication interface 1030 communicates with external devices through a network. The hard disk drive 1040 stores programs and data used by the CPU 1000 in the apparatus 110 a,b and c. The CD-ROM drive 1060 reads a program or data from the CD-ROM 1095 and provides it to the hard disk drive 1040 through the RAM 1020.

Connected to the input/output controller 1084 are the ROM 1010 and relatively slow input/output devices such as the flexible disk drive 1050 and the input/output chip 1070. The ROM 1010 stores a boot program executed by the apparatus 110 a,b and c during boot-up of the apparatus 110 a,b and c and programs which are dependent on the hardware of the apparatus 110 a,b and c. The flexible disk drive 1050 reads a program or data from a flexible disk 1090 and provides it to the hard disk drive 1040 through the RAM 1020. Connect to the input/output chip 1070 are a flexible disk 1050 and input/output devices through ports such as a parallel port, serial port, keyboard port, and mouse port, for example. A program to be provided to the hard disk drive 1040 through the RAM 1020 is stored on storage medium such as a flexible disk 1090, a CD-ROM 1095, or an IC card and provided by a user to the hard disk drive 1040. The program is read from the storage medium, installed in the portable memory or storage device 10 connected to the apparatus 110 a,b and c through the RAM 1020 and the input/output controller 1084, and executed by a micro controller or the like provided within the portable memory or storage device 10.

The program installed in the portable memory or storage device 10 to cause the portable memory or storage device 10 to perform function according to the present embodiment includes an access processing module, a trigger detecting module having a range detecting module, a preset range managing module and a time detecting module, an access prohibition determining module, and an access prohibiting module having a read prohibiting module, an encrypting module, and read permitting module. The program modules cooperate with the microcomputer or the like in the portable memory or storage device 10 to cause the portable memory or storage device 10 to function as an access controller 310, a trigger detecting unit 320 having a range detecting program module 325, a preset range storage 330, and a time detecting program module 335, an access prohibition determining unit 350, and an access prohibiting unit 360 having a read prohibiting program module 365, an encrypting program module 370, and a read permitting program module 375. The trigger detecting module may have network identification information obtaining module and a travel speed detecting module. The program modules cause the portable memory or storage device 10 to function as a network identification information obtaining unit 510 and a travel speed detecting unit 520.

The programs or modules mentioned above may be stored in an external storage device. Such a storage device may be a flexible disk 1090 or a CD-ROM 1095, or an optical recording medium such as a DVD and CD, a magneto-optical recording medium such as an MO, a tape medium, or a semiconductor memory such as an IC card. Alternatively, a storage such as a hard disk or a RAM provided in a server system connected to a private communication network or the Internet may be used as a storage medium and the program may be provided from the storage to the apparatus 110 a,b and c over the network.

While the present invention has been described with respect to specific embodiments, the technical scope of the present invention is not limited to the embodiments described above. Various modifications and improvements can be made to these embodiment without deviating from the scope of the present invention. For example, the portable memory or storage devices 10 and 810 may further include the capability of permitting access through password authentication, in addition to the access prohibition capability described above. For example, the portable memory or storage devices 10 and 810 may permit access to data stored in the portable memory or storage devices 10 or 810 if a password can be authenticated properly while access prohibition is not applied. If access prohibition is applied, the portable memory or storage devices 10 and 810 may prohibit access to the data regardless of the result of password authentication.

Claims (10)

1. A storage device that is carried by a user, and that sends and receives data to/from an information processing apparatus, comprising:
a switch that enters a grant instruction not to conduct an access prevention processing for preventing an access to a portion or all of data recorded in the storage device, by being pressed by the user;
an access prevention processing unit that conducts the access prevention processing in a case of detecting an isolation state where if the storage device is more than a preset distance from a predetermined instrument or a timeout state where a preset setting time or longer has passed since the storage device can no longer communicate with the predetermined instrument, and that does not conduct the access prevention processing in the case of detecting at least either the isolation state or the timeout state, on condition that a grant instruction is entered under the condition that the storage device can send/receive data to/from the predetermined instrument; and
an access processing unit that grants the access to the data if the access prevention processing has not been conducted in the case of receiving an access request to the data from the information processing apparatus, and that that does not grant the access to the data if the access prevention processing has been conducted;
wherein the access prevention processing unit encrypts the data recorded in the storage device, in the case of detecting at least either the isolation state or the timeout state; and
wherein the access prevention processing unit comprises:
a reading prevention unit for preventing reading the data in the case of detecting at least either the isolation state or the timeout state;
an encrypting unit for encrypting the data where reading has been prevented; and
a reading permitting unit for granting to read an encrypted data.
2. The storage device according to claim 1, wherein
the access prevention processing unit deletes the data recorded in the storage device in the case of detecting at least either the isolation state or the timeout state.
3. A storage device that is carried by a user, and that sends and receives data to/from an information processing apparatus, comprising:
a switch that enters a grant instruction not to conduct an access prevention processing for preventing an access to a portion or all of data recorded in the storage device, by being pressed by the user;
an access prevention processing unit that conducts the access prevention processing in a case of detecting an isolation state where if the storage device is more than a preset distance from a predetermined instrument or a timeout state where a preset setting time or longer has passed since the storage device can no longer communicate with the predetermined instrument, and that does not conduct the access prevention processing in the case of detecting at least either the isolation state or the timeout state, on condition that a grant instruction is entered under the condition that the storage device can send/receive data to/from the predetermined instrument; and
an access processing unit that grants the access to the data if the access prevention processing has not been conducted in the case of receiving an access request to the data from the information processing apparatus, and that that does not grant the access to the data if the access prevention processing has been conducted;
wherein the access prevention processing unit encrypts the data recorded in the storage device, in the case of detecting at least either the isolation state or the timeout state; and
wherein the access prevention processing unit comprises:
a reading prevention unit for moving the data to a protective region, which is a storage region in the storage device, and can be read only by an authorized user, in the case of detecting at least either the isolation state or the timeout state; and
an encrypting unit for encrypting the data moved to the protective region.
4. A storage device that is carried by a user, and that sends and receives data to/from an information processing apparatus, comprising:
a switch that enters a grant instruction not to conduct an access prevention processing for preventing an access to a portion or all of data recorded in the storage device, by being pressed by the user;
an access prevention processing unit that conducts the access prevention processing in a case of detecting an isolation state where if the storage device is more than a preset distance from a predetermined instrument or a timeout state where a preset setting time or longer has passed since the storage device can no longer communicate with the predetermined instrument, and that does not conduct the access prevention processing in the case of detecting at least either the isolation state or the timeout state, on condition that a grant instruction is entered under the condition that the storage device can send/receive data to/from the predetermined instrument; and
an access processing unit that grants the access to the data if the access prevention processing has not been conducted in the case of receiving an access request to the data from the information processing apparatus, and that that does not grant the access to the data if the access prevention processing has been conducted;
a connection interface that is connected to the information processing apparatus, and that sends/receives data to/from the information processing apparatus;
a protective cover that is mounted to the connection interface under the condition where the storage device is not connected to the information processing apparatus, and that is removed from the connection interface in the case of connecting the storage device with the information processing apparatus; and
a time detecting unit for detecting whether or not the storage device has become the timeout state where a preset time period has passed since the protective cover is removed from the connection interface; wherein
the access prevention processing unit conducts the access prevention processing by detecting at least the isolation state or the timeout state by the time detecting unit.
5. The storage device according to claim 4, wherein
the access prevention processing unit conducts the access prevention processing by at least detecting the isolation state or the timeout state by the time detecting unit, or, by mounting the protective cover to the connection interface.
6. A storage device that is carried by a user, and that sends and receives data to/from an information processing apparatus, comprising:
a switch that enters a grant instruction not to conduct an access prevention processing for preventing an access to a portion or all of data recorded in the storage device, by being pressed by the user;
an access prevention processing unit that conducts the access prevention processing in a case of detecting an isolation state where if the storage device is more than a preset distance from a predetermined instrument or a timeout state where a preset setting time or longer has passed since the storage device can no longer communicate with the predetermined instrument, and that does not conduct the access prevention processing in the case of detecting at least either the isolation state or the timeout state, on condition that a grant instruction is entered under the condition that the storage device can send/receive data to/from the predetermined instrument; and
an access processing unit that grants the access to the data if the access prevention processing has not been conducted in the case of receiving an access request to the data from the information processing apparatus, and that that does not grant the access to the data if the access prevention processing has been conducted; wherein
the predetermined instrument is a first information processing apparatus accessed to the storage device; and
the access processing unit grants the access to the data in the case that the access prevention processing has not been conducted and does not grant the access to the data in the case that the access prevention processing has been conducted, when an access request to the data is received from the information processing apparatus.
7. The storage device according to claim 6, wherein
the storage device is detachable from the information processing apparatus, and is connected to the information processing apparatus and sends/receives data to/from the information processing apparatus; and
the storage device further comprises a distance detecting unit for detecting whether or not the storage device becomes the isolation state after the storage device is removed from the first information processing apparatus.
8. The storage device according to claim 6, comprising the access prevention processing unit for deleting data recorded in the storage device if it is determined that the same data as the data is recorded in the first information processing apparatus, and for not deleting data recorded in the storage device if it is determined that the same data as the data is not recorded in the first information processing apparatus, when the isolation state is detected.
9. The storage device according to 6, further comprising a setting distance recording unit for recording the setting distance, which is different from each other according to each of a plurality of first information apparatuses, wherein
when the storage device has not been accessed from another first information processing apparatus after being accessed by one of the first information processing apparatus, the storage device further comprises a distance detecting unit for detecting the isolation state if the storage device is more than the preset distance stored in association with one of the first information processing apparatuses from the first information processing apparatus.
10. A storage device that is carried by a user, and that sends and receives data to/from an information processing apparatus, comprising:
a switch that enters a grant instruction not to conduct an access prevention processing for preventing an access to a portion or all of data recorded in the storage device, by being pressed by the user;
an access prevention processing unit that conducts the access prevention processing in a case of detecting an isolation state where if the storage device is more than a preset distance from a predetermined instrument or a timeout state where a preset setting time or longer has passed since the storage device can no longer communicate with the predetermined instrument, and that does not conduct the access prevention processing in the case of detecting at least either the isolation state or the timeout state, on condition that a grant instruction is entered under the condition that the storage device can send/receive data to/from the predetermined instrument; and
an access processing unit that grants the access to the data if the access prevention processing has not been conducted in the case of receiving an access request to the data from the information processing apparatus, and that that does not grant the access to the data if the access prevention processing has been conducted; wherein
the predetermined instrument is a first information processing apparatus; and
the storage device further comprises a time detecting unit for detecting whether or not the storage device becomes the timeout state after the storage device is accessed from the first information processing apparatus at last.
US11081066 2004-03-22 2005-03-15 System, method and program product to prevent unauthorized access to portable memory or storage device Expired - Fee Related US7496765B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2004082674A JP4140905B2 (en) 2004-03-22 2004-03-22 Storage and program
JP2004-082674 2004-03-22

Publications (2)

Publication Number Publication Date
US20050206353A1 true US20050206353A1 (en) 2005-09-22
US7496765B2 true US7496765B2 (en) 2009-02-24

Family

ID=34985572

Family Applications (1)

Application Number Title Priority Date Filing Date
US11081066 Expired - Fee Related US7496765B2 (en) 2004-03-22 2005-03-15 System, method and program product to prevent unauthorized access to portable memory or storage device

Country Status (2)

Country Link
US (1) US7496765B2 (en)
JP (1) JP4140905B2 (en)

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060279874A1 (en) * 2005-06-09 2006-12-14 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Method and system for rotational control of data storage devices
US20070033352A1 (en) * 2005-05-09 2007-02-08 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Limited use data storing device
US20070041231A1 (en) * 2005-08-05 2007-02-22 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Memory device activation and deactivation
US20070061370A1 (en) * 2005-09-09 2007-03-15 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Data retrieval methods
US20070192601A1 (en) * 2005-08-03 2007-08-16 Spain John D System and method for user identification and authentication
US20080040287A1 (en) * 2005-11-14 2008-02-14 Dresser, Inc. Fuel Dispenser Management
US20080086680A1 (en) * 2006-05-27 2008-04-10 Beckman Christopher V Techniques of document annotation according to subsequent citation
US20080092219A1 (en) * 2006-05-27 2008-04-17 Beckman Christopher V Data storage and access facilitating techniques
US20080175126A1 (en) * 2005-05-09 2008-07-24 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Fluid mediated disk activation and deactivation mechanisms
US20090024771A1 (en) * 2006-03-30 2009-01-22 Fujitsu Limited Information processing apparatus, managing method, computer-readable recoding medium storing managing program therein, and electronic apparatus
US20090122666A1 (en) * 2005-08-05 2009-05-14 Searete Llc Limited use memory device with associated information
US20090122670A1 (en) * 2005-09-09 2009-05-14 Searete Llc Data retrieval systems
US20090144533A1 (en) * 2007-11-29 2009-06-04 Mulcahy Luke M Firmware exclusive access of a peripheral storage device
US20090319422A1 (en) * 2002-10-10 2009-12-24 Intercomputer Corporation Secure electronic payment messaging system with reconcilable finality
US20100034065A1 (en) * 2005-05-09 2010-02-11 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Rotation responsive disk activation and deactivation mechanisms
US20100058004A1 (en) * 2005-05-09 2010-03-04 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Method of manufacturing a limited use data storing device
US20100228906A1 (en) * 2009-03-06 2010-09-09 Arunprasad Ramiya Mothilal Managing Data in a Non-Volatile Memory System
US20100277828A1 (en) * 2006-06-19 2010-11-04 Searette Llc, A Limited Liability Corporation Of The State Of Delaware Method and system for fluid mediated disk activation and deactivation
US20110019509A1 (en) * 2005-05-09 2011-01-27 Searete Llc, A Limited Liability Corporation Of State Of Delaware Limited use data storing device
US20110035574A1 (en) * 2009-08-06 2011-02-10 David Jevans Running a Computer from a Secure Portable Device
US20110035513A1 (en) * 2009-08-06 2011-02-10 David Jevans Peripheral Device Data Integrity
US8089839B2 (en) 2005-05-09 2012-01-03 The Invention Science Fund I, Llc Method and system for fluid mediated disk activation and deactivation
US8462605B2 (en) 2005-05-09 2013-06-11 The Invention Science Fund I, Llc Method of manufacturing a limited use data storing device
USRE45422E1 (en) 2006-05-27 2015-03-17 Loughton Technology, L.L.C. Organizational viewing techniques
US9202439B2 (en) 2012-05-24 2015-12-01 Mitsubishi Electric Corporation Display information collecting device and HMI system
US20150347767A1 (en) * 2014-06-03 2015-12-03 Kabushiki Kaisha Toshiba Digital multi-function peripheral and data protection method of external memory
US9401254B2 (en) 2006-05-27 2016-07-26 Gula Consulting Limited Liability Company Electronic leakage reduction techniques

Families Citing this family (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060212535A1 (en) 2005-03-21 2006-09-21 Marvell World Trade Ltd. Network system for distributing protected content
US8683080B2 (en) 2005-03-21 2014-03-25 Marvell World Trade Ltd. Network system for distributing protected content
US8314700B2 (en) * 2005-08-11 2012-11-20 International Business Machines Corporation Deterring theft of mobile electronic devices
US8661540B2 (en) 2005-10-07 2014-02-25 Imation Corp. Method and apparatus for secure credential entry without physical entry
US8528096B2 (en) * 2005-10-07 2013-09-03 Stmicroelectronics, Inc. Secure universal serial bus (USB) storage device and method
JP2007140621A (en) * 2005-11-15 2007-06-07 Kengen Chin Method for identification function-equipped usb interface device
US20070120643A1 (en) * 2005-11-25 2007-05-31 Jiunn-Chung Lee Portable storage device with wireless identification function
JP2007148670A (en) * 2005-11-25 2007-06-14 Matsushita Electric Ind Co Ltd Mobile terminal device
US20070200674A1 (en) * 2006-02-14 2007-08-30 Garmin Ltd., A Cayman Islands Corporation Electronic device having a location-based security feature
JP4769861B2 (en) * 2006-03-30 2011-09-07 富士通株式会社 The electronic device, management method and management program
WO2007116453A1 (en) * 2006-03-30 2007-10-18 Fujitsu Limited Electronic apparatus, management method, and management program
KR101017967B1 (en) 2006-03-30 2011-03-02 후지쯔 가부시끼가이샤 Electronic device, information processing device
JP4916338B2 (en) * 2007-02-26 2012-04-11 キヤノン株式会社 Peripheral device and an access control method
KR100791583B1 (en) * 2007-03-31 2008-01-04 (주)융스그룹 Earphone gender with usb connector
WO2008129814A1 (en) * 2007-04-06 2008-10-30 Nakagawa Insatsujyo Inc. Usb key
US8667604B2 (en) * 2007-09-13 2014-03-04 Microsoft Corporation Protection of software on portable medium
US8745346B2 (en) 2008-03-18 2014-06-03 Microsoft Corporation Time managed read and write access to a data storage device
CN101256608B (en) * 2008-03-25 2010-04-07 北京飞天诚信科技有限公司 Safe operation method and system
JP5160940B2 (en) * 2008-04-16 2013-03-13 株式会社 沖情報システムズ A hard disk device
JP4735665B2 (en) * 2008-05-22 2011-07-27 コニカミノルタビジネステクノロジーズ株式会社 The information processing apparatus
WO2010083593A1 (en) * 2009-01-21 2010-07-29 Memory Experts International Inc. Removable memory storage device with multiple authentication processes
JP5482059B2 (en) * 2009-03-13 2014-04-23 富士通株式会社 Storage, and a program for controlling access to a storage device
WO2010110738A1 (en) * 2009-03-26 2010-09-30 Nanyang Polytechnic Loss protection system for portable media
JP5545433B2 (en) * 2010-03-04 2014-07-09 サクサ株式会社 Operation control method for a portable electronic device and a portable electronic device
DE112012004804T5 (en) 2011-11-19 2014-07-31 International Business Machines Corporation storage unit
US8601597B2 (en) * 2011-12-29 2013-12-03 Elwha Llc System and method for protecting data stored on a removable data storage device
EP2677456A1 (en) * 2012-06-19 2013-12-25 Mikael Seppälä A memory device reminder
JP5993836B2 (en) * 2013-11-28 2016-09-14 京セラドキュメントソリューションズ株式会社 Authentication apparatus and an image forming apparatus
US9848291B2 (en) * 2014-09-18 2017-12-19 Booz Allen Hamilton Inc. System and method for location-based security
US20170289758A1 (en) * 2016-03-29 2017-10-05 Intel Corporation Technologies for preventing loss of compute devices in a cluster
US9841490B1 (en) 2017-01-17 2017-12-12 Booz Allen Hamilton Inc. System and method for detecting movement of a mobile asset and controlling operations of the asset based on its movement

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH01226314A (en) 1988-03-08 1989-09-11 Toyota Motor Corp Preparation of resin molded item
JPH0620114A (en) 1992-06-30 1994-01-28 Tokimec Inc Code collating system
US5371793A (en) * 1992-07-10 1994-12-06 Mitsubishi Denki Kabushiki Kaisha Data storage device and method of accessing the data storage device
JP2002175355A (en) 2000-12-08 2002-06-21 Hitachi Information & Control Systems Inc Ic card passenger transportation ticket and ic card passenger transportation ticket alarm call system
JP2002216099A (en) 2001-01-16 2002-08-02 Joho Net:Kk Portable data recording terminal
US20030217151A1 (en) 2002-03-01 2003-11-20 Roese John J. Location based data
US7013481B1 (en) * 2000-03-31 2006-03-14 Intel Corporation Attestation key memory device and bus

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH01226314A (en) 1988-03-08 1989-09-11 Toyota Motor Corp Preparation of resin molded item
JPH0620114A (en) 1992-06-30 1994-01-28 Tokimec Inc Code collating system
US5371793A (en) * 1992-07-10 1994-12-06 Mitsubishi Denki Kabushiki Kaisha Data storage device and method of accessing the data storage device
US7013481B1 (en) * 2000-03-31 2006-03-14 Intel Corporation Attestation key memory device and bus
JP2002175355A (en) 2000-12-08 2002-06-21 Hitachi Information & Control Systems Inc Ic card passenger transportation ticket and ic card passenger transportation ticket alarm call system
JP2002216099A (en) 2001-01-16 2002-08-02 Joho Net:Kk Portable data recording terminal
US20030217151A1 (en) 2002-03-01 2003-11-20 Roese John J. Location based data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Information Materials for IDS from our Japanese IP Law department.

Cited By (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090319422A1 (en) * 2002-10-10 2009-12-24 Intercomputer Corporation Secure electronic payment messaging system with reconcilable finality
US8380622B2 (en) 2002-10-10 2013-02-19 Intercomputer Corporation Secure electronic payment messaging system with reconcilable finality
US8462605B2 (en) 2005-05-09 2013-06-11 The Invention Science Fund I, Llc Method of manufacturing a limited use data storing device
US7916592B2 (en) 2005-05-09 2011-03-29 The Invention Science Fund I, Llc Fluid mediated disk activation and deactivation mechanisms
US20110019509A1 (en) * 2005-05-09 2011-01-27 Searete Llc, A Limited Liability Corporation Of State Of Delaware Limited use data storing device
US8089839B2 (en) 2005-05-09 2012-01-03 The Invention Science Fund I, Llc Method and system for fluid mediated disk activation and deactivation
US8218262B2 (en) 2005-05-09 2012-07-10 The Invention Science Fund I, Llc Method of manufacturing a limited use data storing device including structured data and primary and secondary read-support information
US8220014B2 (en) 2005-05-09 2012-07-10 The Invention Science Fund I, Llc Modifiable memory devices having limited expected lifetime
US20080175126A1 (en) * 2005-05-09 2008-07-24 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Fluid mediated disk activation and deactivation mechanisms
US8745347B2 (en) 2005-05-09 2014-06-03 The Invention Science Fund I, Llc Limited use data storing device
US20100058004A1 (en) * 2005-05-09 2010-03-04 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Method of manufacturing a limited use data storing device
US20100034065A1 (en) * 2005-05-09 2010-02-11 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Rotation responsive disk activation and deactivation mechanisms
US20070033352A1 (en) * 2005-05-09 2007-02-08 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Limited use data storing device
US8121016B2 (en) 2005-05-09 2012-02-21 The Invention Science Fund I, Llc Rotation responsive disk activation and deactivation mechanisms
US8099608B2 (en) 2005-05-09 2012-01-17 The Invention Science Fund I, Llc Limited use data storing device
US20060279874A1 (en) * 2005-06-09 2006-12-14 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Method and system for rotational control of data storage devices
US7916615B2 (en) 2005-06-09 2011-03-29 The Invention Science Fund I, Llc Method and system for rotational control of data storage devices
US20070192601A1 (en) * 2005-08-03 2007-08-16 Spain John D System and method for user identification and authentication
US20090122666A1 (en) * 2005-08-05 2009-05-14 Searete Llc Limited use memory device with associated information
US9396752B2 (en) * 2005-08-05 2016-07-19 Searete Llc Memory device activation and deactivation
US8159925B2 (en) 2005-08-05 2012-04-17 The Invention Science Fund I, Llc Limited use memory device with associated information
US20070041231A1 (en) * 2005-08-05 2007-02-22 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Memory device activation and deactivation
US20090122670A1 (en) * 2005-09-09 2009-05-14 Searete Llc Data retrieval systems
US8140745B2 (en) 2005-09-09 2012-03-20 The Invention Science Fund I, Llc Data retrieval methods
US20070061370A1 (en) * 2005-09-09 2007-03-15 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Data retrieval methods
US8332724B2 (en) 2005-09-09 2012-12-11 The Invention Science Fund I, Llc Data retrieval systems
US20090122660A1 (en) * 2005-09-09 2009-05-14 Searete Llc. Data retrieval systems
US20080040287A1 (en) * 2005-11-14 2008-02-14 Dresser, Inc. Fuel Dispenser Management
US8554688B2 (en) * 2005-11-14 2013-10-08 Dresser, Inc. Fuel dispenser management
US8335869B2 (en) 2006-03-30 2012-12-18 Fujitsu Limited Information processing apparatus, managing method, computer-readable recording medium storing managing program therein, and portable data storage apparatus
US20090024771A1 (en) * 2006-03-30 2009-01-22 Fujitsu Limited Information processing apparatus, managing method, computer-readable recoding medium storing managing program therein, and electronic apparatus
US8914865B2 (en) * 2006-05-27 2014-12-16 Loughton Technology, L.L.C. Data storage and access facilitating techniques
US9401254B2 (en) 2006-05-27 2016-07-26 Gula Consulting Limited Liability Company Electronic leakage reduction techniques
US20080086680A1 (en) * 2006-05-27 2008-04-10 Beckman Christopher V Techniques of document annotation according to subsequent citation
US20080092219A1 (en) * 2006-05-27 2008-04-17 Beckman Christopher V Data storage and access facilitating techniques
USRE45422E1 (en) 2006-05-27 2015-03-17 Loughton Technology, L.L.C. Organizational viewing techniques
US8264928B2 (en) 2006-06-19 2012-09-11 The Invention Science Fund I, Llc Method and system for fluid mediated disk activation and deactivation
US20100277828A1 (en) * 2006-06-19 2010-11-04 Searette Llc, A Limited Liability Corporation Of The State Of Delaware Method and system for fluid mediated disk activation and deactivation
US20090144533A1 (en) * 2007-11-29 2009-06-04 Mulcahy Luke M Firmware exclusive access of a peripheral storage device
US8250353B2 (en) * 2007-11-29 2012-08-21 Hewlett-Packard Development Company, L.P. Firmware exclusive access of a peripheral storage device
US20100228906A1 (en) * 2009-03-06 2010-09-09 Arunprasad Ramiya Mothilal Managing Data in a Non-Volatile Memory System
US8683088B2 (en) * 2009-08-06 2014-03-25 Imation Corp. Peripheral device data integrity
US20140337592A1 (en) * 2009-08-06 2014-11-13 Imation Corp. Peripheral device data integrity
US8745365B2 (en) 2009-08-06 2014-06-03 Imation Corp. Method and system for secure booting a computer by booting a first operating system from a secure peripheral device and launching a second operating system stored a secure area in the secure peripheral device on the first operating system
US20110035574A1 (en) * 2009-08-06 2011-02-10 David Jevans Running a Computer from a Secure Portable Device
US20110035513A1 (en) * 2009-08-06 2011-02-10 David Jevans Peripheral Device Data Integrity
US9202439B2 (en) 2012-05-24 2015-12-01 Mitsubishi Electric Corporation Display information collecting device and HMI system
US20150347767A1 (en) * 2014-06-03 2015-12-03 Kabushiki Kaisha Toshiba Digital multi-function peripheral and data protection method of external memory
US9672386B2 (en) * 2014-06-03 2017-06-06 Kabushiki Kaisha Toshiba Digital multi-function peripheral and data protection method of external memory

Also Published As

Publication number Publication date Type
JP2005267533A (en) 2005-09-29 application
US20050206353A1 (en) 2005-09-22 application
JP4140905B2 (en) 2008-08-27 grant

Similar Documents

Publication Publication Date Title
US6268788B1 (en) Apparatus and method for providing an authentication system based on biometrics
US7873837B1 (en) Data security for electronic data flash card
US6367017B1 (en) Apparatus and method for providing and authentication system
US20070168677A1 (en) Changing user authentication method by timer and the user context
US20050221853A1 (en) User authentication using a mobile phone SIM card
US20090228714A1 (en) Secure mobile device with online vault
US20070083939A1 (en) Secure universal serial bus (USB) storage device and method
US6122737A (en) Method for using fingerprints to distribute information over a network
US20070199058A1 (en) Method of using a security token
US6845908B2 (en) Storage card with integral file system, access control and cryptographic support
US7299364B2 (en) Method and system to maintain application data secure and authentication token for use therein
US20060126422A1 (en) Memory device and electronic device using the same
US6996547B1 (en) Method for purchasing items over a non-secure communication channel
US7272723B1 (en) USB-compliant personal key with integral input and output devices
US7103782B1 (en) Secure memory and processing system having laser-scribed encryption key
US20010039620A1 (en) Method for protecting a memory card, and a memory card
US6775776B1 (en) Biometric-based authentication in a nonvolatile memory device
US20070237366A1 (en) Secure biometric processing system and method of use
US20070150736A1 (en) Token-enabled authentication for securing mobile devices
US20050097338A1 (en) Biometrics parameters protected USB interface portable data storage device with USB interface accessible biometrics processor
US20060053302A1 (en) Information processing apparatus with security module
US7302571B2 (en) Method and system to maintain portable computer data secure and authentication token for use therein
US7447911B2 (en) Electronic identification key with portable application programs and identified by biometrics authentication
US20050138389A1 (en) System and method for making password token portable in trusted platform module (TPM)
US20060018484A1 (en) Information processing device, information processing system, and program

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SENGOKU, YASUHIKO;REEL/FRAME:016015/0211

Effective date: 20050314

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees
FP Expired due to failure to pay maintenance fee

Effective date: 20130224